Our company recently transferred to fully online from in office due to the current crisis. We currently are using a sonicwall tz400 for our firewall and the Global VPN IPSec tunnel for connecting to the office's server. The server is centos with SMB shares setup. The client pc is a standard windows 10 os. We have had incredibly slow download and upload speeds to the server for all file types. Some specs are listed below:

Office download and upload speeds : 400mbps down, 20mbps up.

Client download and upload speeds : 1gbps down, 1gbps up.

When transferring through the standard windows explorer mapped network drive after connecting to the Global VPN on the client pc we experience download speeds of 1MB/s and upload speeds of 710KB/s.

At first I thought this was a SMB issue since its a "chatty protocol" and I am experiencing 30-50ms latency. When i tested it with winscp or filezilla the speeds remained the same.

I have all packet inspection off (for testing purposes), no BWM setup, I have the proper mtu value set. I am running out of solutions!

My question is where am I getting capped? Is it the firewall config? Why would ftp be slow too? I called the ISP and they were no help per usual.

Maybe other alternatives for remote server file access? Most files being transferred are 1-3gigs since we are a media company. So these slow speeds are hurting workflow alot and need to be fixed asap.

13 Replies

That kind of pitiful performance is typical of SMB, regardless of internet speed. It's a poor protocol to traverse the Internet.

Your post seems to indicate that you didn't think it was only affecting SMB but didn't give many details as to why you thought this - can you clarify some more? FTP may give you better performance.

If you're dealing with large files like this, the best solution is to remote-into a local device via RDP or similar. Possible alternatives are a) have some other sort of download and re-upload solution, or b) what you've got right now.

Also, do you have any QoS rules on either end that may be affecting performance? The TZ400 itself should be fine, capacity-wise.

Moikerz I tested file transfers by using filezilla and the speeds were still super slow using FTP. That is why I thought maybe it wasn't a SMB issue and instead either an ISP issue or a sonicwall config issue. I might be wrong though? I also tried using a webdav transfer solution in Nextcloud, but that also had the same speeds of 1MB/s and 710KB/s.

The boss doesn't want to use RDP for some reason, so that is unfortunately not possible. I have not touched any QoS rules at all, so they are all set at default. Since I only care about the file transfers should I put in place a rule that prioritizes VPN to WAN traffic, or LAN to WAN? Or what specifically would that look like?

Moikerz​ Taking SMB out of the question, after connecting to the VPN and using ftp thru filezilla, the speeds are the same slow speeds. That is the real crux of my situation. Is that an issue with config in the sonicwall, or maybe being throttled somehow by ISP? Or what might cause FTP to be the same slow speed as SMB?

I can't help much with specific Sonicwall programming. I doubt any sort of prioritization would help the SMB rates. I'm sure most people here would agree that might be a dead duck.

If the boss is against RDP to a local device, what about a different remote-access method such as Splashtop or Teamviewer (or many others)? It still means connecting to a local device though.

Otherwise, you may need to look for non-VPN with non-SMB-access solutions. This might involve secure online storage rather than local storage, such as Sharepoint, AWS, Google Drive, and so forth.

Thanks for highlighting Splashtop. Splashtop Business Access is secure and high performance. We have seen many customers moving from VPN to Splashtop for enhanced performance, security (& support personal devices), reliability, and ease-of-deployment and scaling. Splashtop's advantages over VPN/RDP: https://www.splashtop.com/rdp-vpn-alternative Splashtop is also cost effective starting at $5 per user per month (billed annually). Over 200k businesses large and small are customers today. I'm here to answer any question.

I know it's not the answer you're looking for but like I said, multiple units, etc... a dozen different firmware updates on the NSA units...

We always had unacceptable VPN performance. Support always has a million different things for you to try and wants you to use that awful packet capture tool that nobody can ever figure out to try and identify the problem.

If it won't flow FTP over it, there's something wrong, and it's not just the brand.

20 megabits up? e.g. 2.5 megabytes up? so a client getting 1 megabyte down is half the capacity of the link, if it's not doing anything else?

spicehead-zngea wrote:

@furicle exactly why I'm confused. I have the link set to 1gb full duplex as well. Forgot to add that part.

Make a FTP rule and eliminate the VPN - you'll see the performance pick up substantially.

In addition, the server is on coax infrastructure (the up/down speeds are my clue at least) and on a shared medium your performance is going to be a little iffy with everyone killing the local cable companies on bandwidth.

Also, for your centOS server, what version of SMB is it running, and what is actually being established? SMB 3.1 is way more WAN friendly than 2.